Posts posted by jjsomer

  1. Junkware Removal Tool log...

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Junkware Removal Tool (JRT) by Thisisu

    Version: 4.6.2 (02.02.2013:2)

    OS: Windows 7 Home Premium x64

    Ran by roxane on Sat 02/09/2013 at 21:15:43.14

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    ~~~ Services

    ~~~ Registry Values

    Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{ef99bd32-c1fb-11d2-892f-0090271d4f88}

    ~~~ Registry Keys

    Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}

    ~~~ Files

    ~~~ Folders

    ~~~ Event Viewer Logs were cleared

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Scan was completed on Sat 02/09/2013 at 21:35:02.89

    End of JRT log

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    AdwCleaner log...

    # AdwCleaner v2.109 - Logfile created 01/29/2013 at 06:30:11

    # Updated 26/01/2013 by Xplode

    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

    # User : roxane - ROXANE-PC

    # Boot Mode : Normal

    # Running from : C:\Users\roxane\Desktop\adwcleaner.exe

    # Option [Delete]

    ***** [services] *****

    ***** [Files / Folders] *****

    Folder Deleted : C:\Program Files (x86)\AppGraffiti

    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AppGraffiti

    Folder Deleted : C:\Users\roxane\AppData\LocalLow\AppGraffiti

    ***** [Registry] *****

    Key Deleted : HKCU\Software\AppGraffiti

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039}

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}

    Key Deleted : HKLM\Software\AppGraffiti

    Key Deleted : HKLM\SOFTWARE\Classes\AppGraffiti.AppGraffitiJS

    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB02BC6B-B0F0-4074-99E6-884B70FCB6AE}

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039}

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}

    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}

    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC99A798-FD3D-4AB4-969E-6071612524F9}

    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{022C9F90-2E96-47D6-A971-107650154563}

    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}

    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}_is1

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{022C9F90-2E96-47D6-A971-107650154563}

    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]

    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D3D233D5-9F6D-436C-B6C7-E63F77503B30}]

    ***** [internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16457

    [OK] Registry is clean.

    *************************

    AdwCleaner[s1].txt - [3679 octets] - [29/01/2013 06:30:11]

    ########## EOF - C:\AdwCleaner[s1].txt - [3739 octets] ##########

    AdwCleaner #2...

    # AdwCleaner v2.111 - Logfile created 02/09/2013 at 21:36:12

    # Updated 05/02/2013 by Xplode

    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

    # User : roxane - ROXANE-PC

    # Boot Mode : Normal

    # Running from : C:\Users\roxane\Desktop\AdwCleaner.exe

    # Option [Delete]

    ***** [services] *****

    ***** [Files / Folders] *****

    ***** [Registry] *****

    ***** [internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16457

    [OK] Registry is clean.

    -\\ Google Chrome v24.0.1312.57

    File : C:\Users\roxane\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[s1].txt - [3806 octets] - [29/01/2013 06:30:11]

    AdwCleaner[s2].txt - [720 octets] - [09/02/2013 21:36:12]

    ########## EOF - C:\AdwCleaner[s2].txt - [779 octets] ##########

    MBAM results...

    Malwarebytes Anti-Malware (PRO) 1.70.0.1100

    www.malwarebytes.org

    Database version: v2013.02.09.08

    Windows 7 Service Pack 1 x64 NTFS

    Internet Explorer 9.0.8112.16421

    roxane :: ROXANE-PC [administrator]

    Protection: Enabled

    2/9/2013 9:42:53 PM

    mbam-log-2013-02-09 (21-42-53).txt

    Scan type: Quick scan

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

    Scan options disabled: P2P

    Objects scanned: 212142

    Time elapsed: 4 minute(s), 5 second(s)

    Memory Processes Detected: 0

    (No malicious items detected)

    Memory Modules Detected: 0

    (No malicious items detected)

    Registry Keys Detected: 0

    (No malicious items detected)

    Registry Values Detected: 0

    (No malicious items detected)

    Registry Data Items Detected: 0

    (No malicious items detected)

    Folders Detected: 0

    (No malicious items detected)

    Files Detected: 0

    (No malicious items detected)

    (end)

  2. Results from ComboFix...

    ComboFix 13-02-07.02 - roxane 02/09/2013 13:06:13.2.2 - x64

    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2925.1654 [GMT -5:00]

    Running from: c:\users\roxane\Desktop\ComboFix.exe

    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    .

    ((((((((((((((((((((((((( Files Created from 2013-01-09 to 2013-02-09 )))))))))))))))))))))))))))))))

    .

    .

    2013-02-09 18:16 . 2013-02-09 18:16 -------- d-----w- c:\users\Default\AppData\Local\temp

    2013-02-08 18:28 . 2013-01-15 07:45 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{42AAE5CF-B014-4098-B85A-8E3C5A50D36F}\mpengine.dll

    2013-01-30 01:03 . 2013-01-30 01:03 1036 ----a-w- C:\FixitRegBackup.reg

    2013-01-28 20:54 . 2012-11-01 05:43 2002432 ----a-w- c:\windows\system32\msxml6.dll

    2013-01-28 20:54 . 2012-11-01 05:43 1882624 ----a-w- c:\windows\system32\msxml3.dll

    2013-01-28 20:54 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll

    2013-01-28 20:54 . 2012-11-01 04:47 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll

    2013-01-28 12:46 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll

    2013-01-28 12:46 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

    2013-01-28 12:46 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll

    2013-01-28 12:46 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

    2013-01-27 23:13 . 2013-01-27 23:13 -------- d-----w- c:\users\roxane\AppData\Local\Google

    2013-01-27 23:13 . 2013-01-27 23:14 -------- d-----w- c:\program files (x86)\Google

    2013-01-27 23:13 . 2012-10-30 23:51 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys

    2013-01-27 23:13 . 2012-10-30 23:51 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

    2013-01-27 23:13 . 2012-10-15 16:59 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

    2013-01-27 23:13 . 2012-10-30 23:51 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys

    2013-01-27 23:13 . 2012-10-30 23:51 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys

    2013-01-27 23:13 . 2012-10-30 23:51 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

    2013-01-27 23:13 . 2012-10-30 23:50 285328 ----a-w- c:\windows\system32\aswBoot.exe

    2013-01-27 23:12 . 2012-10-30 23:51 41224 ----a-w- c:\windows\avastSS.scr

    2013-01-27 23:12 . 2012-10-30 23:50 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe

    2013-01-27 23:11 . 2013-01-27 23:11 -------- d-----w- c:\programdata\AVAST Software

    2013-01-27 23:11 . 2013-01-27 23:11 -------- d-----w- c:\program files\AVAST Software

    2013-01-27 23:02 . 2013-01-27 23:02 -------- d-----w- C:\found.005

    2013-01-27 21:52 . 2013-01-27 21:52 16369160 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

    2013-01-27 20:29 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll

    2013-01-27 20:29 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll

    2013-01-27 20:28 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll

    2013-01-27 20:28 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll

    2013-01-27 20:24 . 2012-11-30 05:41 424448 ----a-w- c:\windows\system32\KernelBase.dll

    2013-01-27 20:22 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe

    2013-01-27 20:22 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys

    2013-01-27 20:07 . 2012-12-14 21:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys

    2013-01-27 20:07 . 2013-01-29 01:22 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

    2013-01-27 20:07 . 2013-01-27 20:07 -------- d-----w- c:\users\roxane\AppData\Local\Programs

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2013-02-09 03:40 . 2012-02-11 23:05 45056 ----a-w- c:\windows\system32\acovcnt.exe

    2013-01-27 21:52 . 2012-04-17 18:38 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

    2013-01-27 21:52 . 2011-07-14 05:34 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

    2013-01-27 21:01 . 2012-06-05 13:42 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll

    2013-01-27 20:59 . 2012-06-05 13:42 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll

    2013-01-27 20:59 . 2012-06-05 13:41 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll

    2013-01-27 20:58 . 2012-06-05 13:41 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

    2013-01-17 06:28 . 2011-07-13 22:20 273840 ------w- c:\windows\system32\MpSigStub.exe

    2012-12-16 22:31 . 2011-07-14 23:33 67599240 ----a-w- c:\windows\system32\MRT.exe

    2012-11-30 04:45 . 2013-01-27 20:24 44032 ----a-w- c:\windows\apppatch\acwow64.dll

    2009-04-08 17:31 . 2009-04-08 17:31 106496 ----a-w- c:\program files (x86)\Common Files\CPInstallAction.dll

    2008-08-12 04:45 . 2008-08-12 04:45 155648 ----a-w- c:\program files (x86)\Common Files\MSIactionall.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]

    @="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"

    [HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]

    2007-06-02 00:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-11-11 3077528]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

    "ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-02-04 7350912]

    "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-05-03 170624]

    "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]

    "Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-04-26 1597440]

    "Online Vault"="c:\program files (x86)\OnlineVault\OVTray.exe" [2012-11-12 371360]

    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]

    .

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]

    "AntiVirusOverride"=dword:00000001

    "FirewallOverride"=dword:00000001

    "UacDisableNotify"=dword:00000001

    .

    2;2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service [x]

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

    R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]

    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]

    R3 bpmp;bpmp;c:\windows\system32\DRIVERS\bpmp.sys [2009-12-23 174592]

    R3 bpusb;bpusb;c:\windows\system32\Drivers\bpusb.sys [2009-12-23 81920]

    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]

    R3 DIRECTIO;DIRECTIO;c:\bit_temp\DirectIo.sys [x]

    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]

    R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-03-05 340240]

    R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-03-18 7680512]

    R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]

    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-14 1255736]

    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

    S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [2009-06-18 15928]

    S1 aswSnx;aswSnx; [x]

    S1 aswSP;aswSP; [x]

    S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2009-12-07 379520]

    S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]

    S2 aswFsBlk;aswFsBlk; [x]

    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]

    S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]

    S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2009-12-29 911360]

    S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys [2009-12-23 71168]

    S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-04-13 135560]

    S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]

    S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]

    S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-02 271872]

    S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-08-18 143472]

    S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys [2010-02-25 115312]

    .

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2013-02-09 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 21:52]

    .

    .

    --------- X64 Entries -----------

    .

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

    @="{472083B0-C522-11CF-8763-00608CC02F24}"

    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

    2012-10-30 23:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]

    @="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"

    [HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]

    2007-06-01 23:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2010-01-27 1445888]

    "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1928976]

    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-11 167704]

    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-11 392984]

    "Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-11 417560]

    .

    ------- Supplementary Scan -------

    .

    uLocal Page = c:\windows\system32\blank.htm

    uStart Page = hxxp://www.yahoo.com/

    mDefault_Page_URL = hxxp://www.yahoo.com

    mStart Page = hxxp://www.yahoo.com

    mLocal Page = c:\windows\SysWOW64\blank.htm

    uInternet Settings,ProxyOverride = *.local

    Trusted Zone: clonewarsadventures.com

    Trusted Zone: freerealms.com

    Trusted Zone: soe.com

    Trusted Zone: sony.com

    TCP: DhcpNameServer = 192.168.2.1

    DPF: {5EA13312-8764-496F-B4AB-F7A872B51E14} - hxxp://static-www3.cdn.oovoo.com/oovoomelink/oovoome/webvc/ooVooWeb.dll

    .

    - - - - ORPHANS REMOVED - - - -

    .

    Toolbar-Locked - (no file)

    AddRemove-K_Series_ScreenSaver_EN - c:\windows\system32\K_Series_ScreenSaver_EN.scr

    .

    .

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .

    [HKEY_USERS\S-1-5-21-2894406037-275763777-2117583697-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

    @Denied: (2) (LocalSystem)

    "Progid"="WindowsLiveMail.Email.1"

    .

    [HKEY_USERS\S-1-5-21-2894406037-275763777-2117583697-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

    @Denied: (2) (LocalSystem)

    "Progid"="WindowsLiveMail.VCard.1"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker5"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Shockwave Flash Object"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

    @="0"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

    @="ShockwaveFlash.ShockwaveFlash.11"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="ShockwaveFlash.ShockwaveFlash"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Macromedia Flash Factory Object"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

    @="FlashFactory.FlashFactory.1"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="FlashFactory.FlashFactory"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker5"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    Completion time: 2013-02-09 13:20:41

    ComboFix-quarantined-files.txt 2013-02-09 18:20

    ComboFix2.txt 2013-02-09 17:01

    .

    Pre-Run: 19,904,888,832 bytes free

    Post-Run: 19,608,158,208 bytes free

    .

    - - End Of File - - B45A1D04B121320E096413FA3F206094

  3. Thanks for the help. There were 4 report files generated from RogueKiller. See below...

    RogueKiller V8.5.0 _x64_ [Feb 8 2013] by Tigzy

    mail : tigzyRK<at>gmail<dot>com

    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

    Website : http://tigzy.geekstogo.com/roguekiller.php

    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

    Started in : Normal mode

    User : roxane [Admin rights]

    Mode : Scan -- Date : 02/08/2013 22:51:09

    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 5 ¤¤¤

    [TASK][sUSP PATH] FixIt_F66956F4-B17B-4115-BBB0-D431EB5C3051.job : C:\Users\roxane\AppData\Local\Temp\Fixit\DeleteAclKey.bat -> FOUND

    [TASK][sUSP PATH] FixIt_F66956F4-B17B-4115-BBB0-D431EB5C3051 : C:\Users\roxane\AppData\Local\Temp\Fixit\DeleteAclKey.bat -> FOUND

    [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

    [HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND

    [sCREENSV][sUSP PATH] HKCU\[...]\Desktop (C:\Users\roxane\Desktop\dds.scr) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤

    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 localhost

    ::1 localhost

    72.29.93.243 www.google-analytics.com.

    72.29.93.243 ad-emea.doubleclick.net.

    72.29.93.243 www.statcounter.com.

    64.27.10.42 www.google-analytics.com.

    64.27.10.42 ad-emea.doubleclick.net.

    64.27.10.42 www.statcounter.com.

    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: WDC WD3200BEVT-80A0RT0 +++++

    --- User ---

    [MBR] 0a2f32079f6be98e749353b6bb8d540f

    [bSP] f1f9153ef8e260d2eff473717bad4035 : Windows Vista MBR Code

    Partition table:

    0 - [ACTIVE] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 63 | Size: 7687 Mo

    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 15743700 | Size: 76308 Mo

    2 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 172024020 | Size: 221249 Mo

    User = LL1 ... OK!

    User = LL2 ... OK!

    Finished : << RKreport[1]_S_02082013_02d2251.txt >>

    RKreport[1]_S_02082013_02d2251.txt

    RogueKiller V8.5.0 _x64_ [Feb 8 2013] by Tigzy

    mail : tigzyRK<at>gmail<dot>com

    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

    Website : http://tigzy.geekstogo.com/roguekiller.php

    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

    Started in : Normal mode

    User : roxane [Admin rights]

    Mode : Remove -- Date : 02/08/2013 22:52:44

    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 4 ¤¤¤

    [TASK][sUSP PATH] FixIt_F66956F4-B17B-4115-BBB0-D431EB5C3051.job : C:\Users\roxane\AppData\Local\Temp\Fixit\DeleteAclKey.bat -> DELETED

    [TASK][sUSP PATH] FixIt_F66956F4-B17B-4115-BBB0-D431EB5C3051 : C:\Users\roxane\AppData\Local\Temp\Fixit\DeleteAclKey.bat -> DELETED

    [HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)

    [sCREENSV][sUSP PATH] HKCU\[...]\Desktop (C:\Users\roxane\Desktop\dds.scr) -> REPLACED (C:\Windows\system32\logon.scr)

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤

    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 localhost

    ::1 localhost

    72.29.93.243 www.google-analytics.com.

    72.29.93.243 ad-emea.doubleclick.net.

    72.29.93.243 www.statcounter.com.

    64.27.10.42 www.google-analytics.com.

    64.27.10.42 ad-emea.doubleclick.net.

    64.27.10.42 www.statcounter.com.

    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: WDC WD3200BEVT-80A0RT0 +++++

    --- User ---

    [MBR] 0a2f32079f6be98e749353b6bb8d540f

    [bSP] f1f9153ef8e260d2eff473717bad4035 : Windows Vista MBR Code

    Partition table:

    0 - [ACTIVE] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 63 | Size: 7687 Mo

    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 15743700 | Size: 76308 Mo

    2 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 172024020 | Size: 221249 Mo

    User = LL1 ... OK!

    User = LL2 ... OK!

    Finished : << RKreport[2]_D_02082013_02d2252.txt >>

    RKreport[1]_S_02082013_02d2251.txt ; RKreport[2]_D_02082013_02d2252.txt

    RogueKiller V8.5.0 _x64_ [Feb 8 2013] by Tigzy

    mail : tigzyRK<at>gmail<dot>com

    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

    Website : http://tigzy.geekstogo.com/roguekiller.php

    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

    Started in : Normal mode

    User : roxane [Admin rights]

    Mode : Shortcuts HJfix -- Date : 02/08/2013 22:54:30

    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ File attributes restored: ¤¤¤

    Desktop: Success 2 / Fail 0

    Quick launch: Success 1 / Fail 0

    Programs: Success 9 / Fail 0

    Start menu: Success 1 / Fail 0

    User folder: Success 281 / Fail 0

    My documents: Success 0 / Fail 0

    My favorites: Success 0 / Fail 0

    My pictures: Success 0 / Fail 0

    My music: Success 24 / Fail 0

    My videos: Success 0 / Fail 0

    Local drives: Success 78 / Fail 0

    Backup: [NOT FOUND]

    Drives:

    [C:] \Device\HarddiskVolume2 -- 0x3 --> Restored

    [D:] \Device\HarddiskVolume3 -- 0x3 --> Restored

    [E:] \Device\CdRom0 -- 0x5 --> Skipped

    Finished : << RKreport[3]_SC_02082013_02d2254.txt >>

    RKreport[1]_S_02082013_02d2251.txt ; RKreport[2]_D_02082013_02d2252.txt ; RKreport[3]_SC_02082013_02d2254.txt

    RogueKiller V8.5.0 _x64_ [Feb 8 2013] by Tigzy

    mail : tigzyRK<at>gmail<dot>com

    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

    Website : http://tigzy.geekstogo.com/roguekiller.php

    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

    Started in : Normal mode

    User : roxane [Admin rights]

    Mode : HOSTSFix -- Date : 02/08/2013 22:54:44

    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 0 ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤

    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 localhost

    ::1 localhost

    72.29.93.243 www.google-analytics.com.

    72.29.93.243 ad-emea.doubleclick.net.

    72.29.93.243 www.statcounter.com.

    64.27.10.42 www.google-analytics.com.

    64.27.10.42 ad-emea.doubleclick.net.

    64.27.10.42 www.statcounter.com.

    ¤¤¤ Reset HOSTS: ¤¤¤

    Finished : << RKreport[4]_H_02082013_02d2254.txt >>

    RKreport[1]_S_02082013_02d2251.txt ; RKreport[2]_D_02082013_02d2252.txt ; RKreport[3]_SC_02082013_02d2254.txt ; RKreport[4]_H_02082013_02d2254.txt

  4. Thanks for the help. There were 4 report files generated from RogueKiller. See below...

    RogueKiller V8.5.0 _x64_ [Feb 8 2013] by Tigzy

    mail : tigzyRK<at>gmail<dot>com

    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

    Website : http://tigzy.geekstogo.com/roguekiller.php

    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

    Started in : Normal mode

    User : roxane [Admin rights]

    Mode : Scan -- Date : 02/08/2013 22:51:09

    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 5 ¤¤¤

    [TASK][SUSP PATH] FixIt_F66956F4-B17B-4115-BBB0-D431EB5C3051.job : C:\Users\roxane\AppData\Local\Temp\Fixit\DeleteAclKey.bat -> FOUND

    [TASK][SUSP PATH] FixIt_F66956F4-B17B-4115-BBB0-D431EB5C3051 : C:\Users\roxane\AppData\Local\Temp\Fixit\DeleteAclKey.bat -> FOUND

    [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

    [HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND

    [SCREENSV][SUSP PATH] HKCU\[...]\Desktop (C:\Users\roxane\Desktop\dds.scr) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤

    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 localhost

    ::1 localhost

    72.29.93.243 www.google-analytics.com.

    72.29.93.243 ad-emea.doubleclick.net.

    72.29.93.243 www.statcounter.com.

    64.27.10.42 www.google-analytics.com.

    64.27.10.42 ad-emea.doubleclick.net.

    64.27.10.42 www.statcounter.com.

    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: WDC WD3200BEVT-80A0RT0 +++++

    --- User ---

    [MBR] 0a2f32079f6be98e749353b6bb8d540f

    [BSP] f1f9153ef8e260d2eff473717bad4035 : Windows Vista MBR Code

    Partition table:

    0 - [ACTIVE] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 63 | Size: 7687 Mo

    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 15743700 | Size: 76308 Mo

    2 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 172024020 | Size: 221249 Mo

    User = LL1 ... OK!

    User = LL2 ... OK!

    Finished : << RKreport[1]_S_02082013_02d2251.txt >>

    RKreport[1]_S_02082013_02d2251.txt

    RogueKiller V8.5.0 _x64_ [Feb 8 2013] by Tigzy

    mail : tigzyRK<at>gmail<dot>com

    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

    Website : http://tigzy.geekstogo.com/roguekiller.php

    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

    Started in : Normal mode

    User : roxane [Admin rights]

    Mode : Remove -- Date : 02/08/2013 22:52:44

    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 4 ¤¤¤

    [TASK][SUSP PATH] FixIt_F66956F4-B17B-4115-BBB0-D431EB5C3051.job : C:\Users\roxane\AppData\Local\Temp\Fixit\DeleteAclKey.bat -> DELETED

    [TASK][SUSP PATH] FixIt_F66956F4-B17B-4115-BBB0-D431EB5C3051 : C:\Users\roxane\AppData\Local\Temp\Fixit\DeleteAclKey.bat -> DELETED

    [HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)

    [SCREENSV][SUSP PATH] HKCU\[...]\Desktop (C:\Users\roxane\Desktop\dds.scr) -> REPLACED (C:\Windows\system32\logon.scr)

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤

    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 localhost

    ::1 localhost

    72.29.93.243 www.google-analytics.com.

    72.29.93.243 ad-emea.doubleclick.net.

    72.29.93.243 www.statcounter.com.

    64.27.10.42 www.google-analytics.com.

    64.27.10.42 ad-emea.doubleclick.net.

    64.27.10.42 www.statcounter.com.

    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: WDC WD3200BEVT-80A0RT0 +++++

    --- User ---

    [MBR] 0a2f32079f6be98e749353b6bb8d540f

    [BSP] f1f9153ef8e260d2eff473717bad4035 : Windows Vista MBR Code

    Partition table:

    0 - [ACTIVE] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 63 | Size: 7687 Mo

    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 15743700 | Size: 76308 Mo

    2 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 172024020 | Size: 221249 Mo

    User = LL1 ... OK!

    User = LL2 ... OK!

    Finished : << RKreport[2]_D_02082013_02d2252.txt >>

    RKreport[1]_S_02082013_02d2251.txt ; RKreport[2]_D_02082013_02d2252.txt

    RogueKiller V8.5.0 _x64_ [Feb 8 2013] by Tigzy

    mail : tigzyRK<at>gmail<dot>com

    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

    Website : http://tigzy.geekstogo.com/roguekiller.php

    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

    Started in : Normal mode

    User : roxane [Admin rights]

    Mode : Shortcuts HJfix -- Date : 02/08/2013 22:54:30

    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ File attributes restored: ¤¤¤

    Desktop: Success 2 / Fail 0

    Quick launch: Success 1 / Fail 0

    Programs: Success 9 / Fail 0

    Start menu: Success 1 / Fail 0

    User folder: Success 281 / Fail 0

    My documents: Success 0 / Fail 0

    My favorites: Success 0 / Fail 0

    My pictures: Success 0 / Fail 0

    My music: Success 24 / Fail 0

    My videos: Success 0 / Fail 0

    Local drives: Success 78 / Fail 0

    Backup: [NOT FOUND]

    Drives:

    [C:] \Device\HarddiskVolume2 -- 0x3 --> Restored

    [D:] \Device\HarddiskVolume3 -- 0x3 --> Restored

    [E:] \Device\CdRom0 -- 0x5 --> Skipped

    Finished : << RKreport[3]_SC_02082013_02d2254.txt >>

    RKreport[1]_S_02082013_02d2251.txt ; RKreport[2]_D_02082013_02d2252.txt ; RKreport[3]_SC_02082013_02d2254.txt

    RogueKiller V8.5.0 _x64_ [Feb 8 2013] by Tigzy

    mail : tigzyRK<at>gmail<dot>com

    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

    Website : http://tigzy.geekstogo.com/roguekiller.php

    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

    Started in : Normal mode

    User : roxane [Admin rights]

    Mode : HOSTSFix -- Date : 02/08/2013 22:54:44

    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 0 ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤

    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 localhost

    ::1 localhost

    72.29.93.243 www.google-analytics.com.

    72.29.93.243 ad-emea.doubleclick.net.

    72.29.93.243 www.statcounter.com.

    64.27.10.42 www.google-analytics.com.

    64.27.10.42 ad-emea.doubleclick.net.

    64.27.10.42 www.statcounter.com.

    ¤¤¤ Reset HOSTS: ¤¤¤

    Finished : << RKreport[4]_H_02082013_02d2254.txt >>

    RKreport[1]_S_02082013_02d2251.txt ; RKreport[2]_D_02082013_02d2252.txt ; RKreport[3]_SC_02082013_02d2254.txt ; RKreport[4]_H_02082013_02d2254.txt

  5. Every time I launch Internet Explorer and browse to a site, I get a pop-up in the lower left and lower right sections of the browser window. The window wants to redirect me to a site, ad.xtendmedia.com. I have run a scan on the system with MalwareBytes Pro and a full system scan with AVAST virus scanner. Neither has turned up an issue.

    Can you please help me with this? Below are the DDS.txt and Attach.txt from a scan of the system...

    DDS (Ver_2012-11-20.01) - NTFS_AMD64

    Internet Explorer: 9.0.8112.16457

    Run by roxane at 13:21:48 on 2013-02-08

    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2925.1534 [GMT -5:00]

    .

    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    ============== Running Processes ===============

    .

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\svchost.exe -k RPCSS

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\system32\FBAgent.exe

    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

    C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

    C:\Program Files\AVAST Software\Avast\AvastSvc.exe

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Windows\system32\taskeng.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\system32\taskhost.exe

    C:\Program Files (x86)\ASUS\Splendid\ACMON.exe

    C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe

    C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe

    C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe

    C:\Program Files\P4G\BatteryLife.exe

    C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe

    C:\Windows\Explorer.EXE

    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

    C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe

    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

    C:\Windows\System32\igfxtray.exe

    C:\Windows\System32\hkcmd.exe

    C:\Windows\System32\igfxpers.exe

    C:\Windows\SysWOW64\ACEngSvr.exe

    C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

    C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe

    C:\Windows\AsScrPro.exe

    C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

    C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

    C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

    C:\Program Files (x86)\OnlineVault\OVTray.exe

    C:\Program Files\AVAST Software\Avast\AvastUI.exe

    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

    C:\Windows\system32\svchost.exe -k imgsvc

    C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe

    C:\Windows\System32\svchost.exe -k secsvcs

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

    C:\Windows\system32\wbem\unsecapp.exe

    C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe

    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe

    C:\Program Files\Intel\WiFi\bin\EvtEng.exe

    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe

    C:\Windows\system32\wbem\unsecapp.exe

    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

    C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe

    C:\Windows\system32\SearchIndexer.exe

    C:\Windows\servicing\TrustedInstaller.exe

    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

    C:\Windows\system32\sppsvc.exe

    C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

    C:\Program Files\Windows Media Player\wmpnetwk.exe

    C:\Windows\System32\svchost.exe -k WerSvcGroup

    C:\Windows\SysWOW64\ctfmon.exe

    C:\Windows\System32\cscript.exe

    .

    ============== Pseudo HJT Report ===============

    .

    uStart Page = hxxp://www.yahoo.com/

    uSearch Bar = Preserve

    mStart Page = hxxp://www.yahoo.com

    mDefault_Page_URL = hxxp://www.yahoo.com

    BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

    BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

    BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

    TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll

    TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

    uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

    uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe -update activex

    mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

    mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

    mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

    mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

    mRun: [Online Vault] "C:\Program Files (x86)\OnlineVault\OVTray.exe"

    mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

    mPolicies-Explorer: NoActiveDesktop = dword:1

    mPolicies-Explorer: NoActiveDesktopChanges = dword:1

    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

    mPolicies-System: ConsentPromptBehaviorUser = dword:3

    mPolicies-System: EnableLUA = dword:0

    mPolicies-System: EnableUIADesktopToggle = dword:0

    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    Trusted Zone: clonewarsadventures.com

    Trusted Zone: freerealms.com

    Trusted Zone: soe.com

    Trusted Zone: sony.com

    DPF: {5EA13312-8764-496F-B4AB-F7A872B51E14} - hxxp://static-www3.cdn.oovoo.com/oovoomelink/oovoome/webvc/ooVooWeb.dll

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

    TCP: NameServer = 192.168.2.1

    TCP: Interfaces\{D6FC9E43-CEB0-49C8-9B8C-725C8E082D4E} : DHCPNameServer = 192.168.2.1

    TCP: Interfaces\{D6FC9E43-CEB0-49C8-9B8C-725C8E082D4E}\2656C6B696E6E2634336 : DHCPNameServer = 192.168.2.1

    TCP: Interfaces\{D6FC9E43-CEB0-49C8-9B8C-725C8E082D4E}\65562796A7F6E602D494649443531303C4029334833402355636572756 : DHCPNameServer = 192.168.1.1

    TCP: Interfaces\{D6FC9E43-CEB0-49C8-9B8C-725C8E082D4E}\74275656E6350727573656D27657563747 : DHCPNameServer = 209.18.47.61 209.18.47.62 192.168.33.1

    TCP: Interfaces\{D6FC9E43-CEB0-49C8-9B8C-725C8E082D4E}\A41637F6E6D27657563747 : DHCPNameServer = 209.18.47.61 209.18.47.62

    TCP: Interfaces\{D6FC9E43-CEB0-49C8-9B8C-725C8E082D4E}\E4544574541425 : DHCPNameServer = 192.168.1.1

    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    SSODL: WebCheck - <orphaned>

    x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

    x64-Run: [intelWirelessWiMAX] "C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe" /tasktray /nosplash

    x64-Run: [intelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray

    x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

    x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

    x64-Notify: igfxcui - igfxdev.dll

    x64-SSODL: WebCheck - <orphaned>

    Hosts: 72.29.93.243 www.google-analytics.com.

    Hosts: 72.29.93.243 ad-emea.doubleclick.net.

    Hosts: 72.29.93.243 www.statcounter.com.

    Hosts: 64.27.10.42 www.google-analytics.com.

    Hosts: 64.27.10.42 ad-emea.doubleclick.net.

    .

    Note: multiple HOSTS entries found. Please refer to Attach.txt

    .

    ============= SERVICES / DRIVERS ===============

    .

    R?2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2009-12-29 404992]

    R0 lullaby;lullaby;C:\Windows\System32\drivers\lullaby.sys [2010-10-18 15928]

    R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-1-27 984144]

    R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-1-27 370288]

    R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2010-10-18 379520]

    R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]

    R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-1-27 25232]

    R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-1-27 71600]

    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-1-27 44808]

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

    R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-18 2314240]

    R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2009-12-29 911360]

    R3 bpenum;bpenum;C:\Windows\System32\drivers\bpenum.sys [2009-12-22 71168]

    R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2010-4-13 135560]

    R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-10-18 56344]

    R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-2-26 158976]

    R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-2-2 271872]

    R3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2009-8-18 143472]

    R3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);C:\Windows\System32\drivers\JME.sys [2010-2-24 115312]

    S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-1-27 398184]

    S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-1-27 682344]

    S3 bpmp;bpmp;C:\Windows\System32\drivers\bpmp.sys [2009-12-22 174592]

    S3 bpusb;bpusb;C:\Windows\System32\drivers\bpusb.sys [2009-12-22 81920]

    S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-10-18 35104]

    S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-7-15 48488]

    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]

    S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-1-27 24176]

    S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-3-5 340240]

    S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-3-18 7680512]

    S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]

    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-15 59392]

    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-5-10 51712]

    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-7-14 1255736]

    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

    .

    =============== Created Last 30 ================

    .

    2013-01-30 01:03:28 1036 ----a-w- C:\FixitRegBackup.reg

    2013-01-30 00:54:27 8873296 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

    2013-01-30 00:54:18 9161176 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3E381820-B06D-4635-967E-CA8653384148}\mpengine.dll

    2013-01-29 11:56:57 -------- d-sh--w- C:\$RECYCLE.BIN

    2013-01-28 20:54:28 2002432 ----a-w- C:\Windows\System32\msxml6.dll

    2013-01-28 20:54:26 1882624 ----a-w- C:\Windows\System32\msxml3.dll

    2013-01-28 20:54:24 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll

    2013-01-28 20:54:24 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

    2013-01-28 12:46:11 46080 ----a-w- C:\Windows\System32\atmlib.dll

    2013-01-28 12:46:11 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

    2013-01-28 12:46:09 367616 ----a-w- C:\Windows\System32\atmfd.dll

    2013-01-28 12:46:08 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll

    2013-01-27 23:13:08 -------- d-----w- C:\Users\roxane\AppData\Local\Google

    2013-01-27 23:13:05 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys

    2013-01-27 23:13:03 984144 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

    2013-01-27 23:13:02 71600 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

    2013-01-27 23:12:21 41224 ----a-w- C:\Windows\avastSS.scr

    2013-01-27 23:11:50 -------- d-----w- C:\ProgramData\AVAST Software

    2013-01-27 23:11:50 -------- d-----w- C:\Program Files\AVAST Software

    2013-01-27 23:02:28 -------- d-sh--w- C:\found.005

    2013-01-27 21:52:08 16369160 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

    2013-01-27 20:29:34 750592 ----a-w- C:\Windows\System32\win32spl.dll

    2013-01-27 20:29:34 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll

    2013-01-27 20:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

    2013-01-27 20:28:53 2048 ----a-w- C:\Windows\System32\tzres.dll

    2013-01-27 20:24:41 424448 ----a-w- C:\Windows\System32\KernelBase.dll

    2013-01-27 20:22:32 68608 ----a-w- C:\Windows\System32\taskhost.exe

    2013-01-27 20:22:31 3149824 ----a-w- C:\Windows\System32\win32k.sys

    2013-01-27 20:07:51 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys

    2013-01-27 20:07:50 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

    2013-01-27 20:07:35 -------- d-----w- C:\Users\roxane\AppData\Local\Programs

    .

    ==================== Find3M ====================

    .

    2013-01-29 11:52:34 45056 ----a-w- C:\Windows\System32\acovcnt.exe

    2013-01-27 21:52:28 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

    2013-01-27 21:52:28 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

    2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll

    2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll

    2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll

    2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll

    2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs

    2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs

    2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs

    2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs

    2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs

    2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs

    2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs

    2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs

    2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs

    2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs

    2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs

    2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs

    2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs

    2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs

    2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll

    2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll

    2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

    2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll

    2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

    2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

    2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll

    2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe

    2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

    2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

    2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

    2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe

    2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

    2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

    2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

    2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

    2012-11-22 05:44:23 800768 ----a-w- C:\Windows\System32\usp10.dll

    2012-11-22 04:45:03 626688 ----a-w- C:\Windows\SysWow64\usp10.dll

    2012-11-20 05:48:49 307200 ----a-w- C:\Windows\System32\ncrypt.dll

    2012-11-20 04:51:09 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll

    2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll

    2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll

    2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

    2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll

    2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

    2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

    2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

    2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

    2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

    2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

    2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

    2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

    2009-04-08 17:31:56 106496 ----a-w- C:\Program Files (x86)\Common Files\CPInstallAction.dll

    2008-08-12 04:45:20 155648 ----a-w- C:\Program Files (x86)\Common Files\MSIactionall.dll

    .

    ============= FINISH: 13:23:31.54 ===============

    .

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

    IF REQUESTED, ZIP IT UP & ATTACH IT

    .

    DDS (Ver_2012-11-20.01)

    .

    Microsoft Windows 7 Home Premium

    Boot Device: \Device\HarddiskVolume1

    Install Date: 7/14/2011 8:02:35 AM

    System Uptime: 2/8/2013 1:11:08 PM (0 hours ago)

    .

    Motherboard: ASUSTeK Computer Inc. | | K52F

    Processor: Intel® Pentium® CPU P6100 @ 2.00GHz | Socket 989 | 919/533mhz

    .

    ==== Disk Partitions =========================

    .

    C: is FIXED (NTFS) - 75 GiB total, 17.198 GiB free.

    D: is FIXED (NTFS) - 216 GiB total, 215.7 GiB free.

    E: is CDROM ()

    .

    ==== Disabled Device Manager Items =============

    .

    ==== System Restore Points ===================

    .

    RP151: 1/27/2013 5:50:17 PM - Removed AVG 2012

    RP152: 1/27/2013 5:53:29 PM - Removed AVG 2012

    RP153: 1/27/2013 6:10:53 PM - avast! Free Antivirus Setup

    RP155: 1/28/2013 7:42:39 AM - Windows Modules Installer

    RP156: 1/28/2013 7:43:55 AM - Windows Modules Installer

    RP157: 1/29/2013 6:29:30 AM - Windows Update

    RP158: 1/29/2013 1:15:00 PM - Removed Facebook Video Calling 1.2.0.287

    RP159: 1/29/2013 6:38:30 PM - Installed Microsoft Fix it 50267

    RP160: 1/29/2013 8:02:28 PM - Installed Microsoft Fix it 50535

    .

    ==== Hosts File Hijack ======================

    .

    Hosts: 72.29.93.243 www.google-analytics.com.

    Hosts: 72.29.93.243 ad-emea.doubleclick.net.

    Hosts: 72.29.93.243 www.statcounter.com.

    Hosts: 64.27.10.42 www.google-analytics.com.

    Hosts: 64.27.10.42 ad-emea.doubleclick.net.

    Hosts: 64.27.10.42 www.statcounter.com.

    .

    ==== Installed Programs ======================

    .

    Acrobat.com

    Adobe Flash Player 11 ActiveX

    Adobe Flash Player 11 Plugin

    Apple Application Support

    Apple Mobile Device Support

    Apple Software Update

    ASUS AI Recovery

    ASUS CopyProtect

    ASUS Data Security Manager

    ASUS FancyStart

    ASUS LifeFrame3

    ASUS Live Update

    ASUS MultiFrame

    ASUS Power4Gear Hybrid

    ASUS SmartLogon

    ASUS Splendid Video Enhancement Technology

    ASUS Virtual Camera

    ATK Package

    avast! Free Antivirus

    Bonjour

    Conexant HD Audio

    ControlDeck

    D3DX10

    ETDWare PS/2-x64 7.0.5.11_WHQL

    Fast Boot

    Free Realms

    Intel PROSet Wireless

    Intel® Control Center

    Intel® Graphics Media Accelerator Driver

    Intel® Management Engine Components

    Intel® PROSet/Wireless WiFi Software

    Intel® PROSet/Wireless WiMAX Software

    iTunes

    Java Auto Updater

    Java 6 Update 22

    Java 6 Update 26

    JMicron Ethernet Adapter NDIS Driver

    JMicron Flash Media Controller Driver

    Junk Mail filter update

    K_Series_ScreenSaver_EN

    Malwarebytes Anti-Malware version 1.70.0.1100

    Mesh Runtime

    Messenger Companion

    Microsoft .NET Framework 4 Client Profile

    Microsoft Application Error Reporting

    Microsoft Silverlight

    Microsoft SQL Server 2005 Compact Edition [ENU]

    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

    Microsoft Visual C++ 2005 Redistributable

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

    MSVCRT

    MSVCRT_amd64

    Online Vault

    OpenOffice.org 3.3

    Pando Media Booster

    QuickTime

    Roblox for roxane

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

    Spelling Dictionaries Support For Adobe Reader 9

    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

    USB 2.0 2.0M UVC WebCam

    USB 2.0 VGA UVC WebCam

    Visual Studio 2008 x64 Redistributables

    VLC media player 2.0.1

    WIDCOMM Bluetooth Software

    Windows Live Communications Platform

    Windows Live Essentials

    Windows Live Family Safety

    Windows Live ID Sign-in Assistant

    Windows Live Installer

    Windows Live Language Selector

    Windows Live Mail

    Windows Live Mesh

    Windows Live Mesh ActiveX Control for Remote Connections

    Windows Live Messenger

    Windows Live Messenger Companion Core

    Windows Live MIME IFilter

    Windows Live Movie Maker

    Windows Live Photo Common

    Windows Live Photo Gallery

    Windows Live PIMT Platform

    Windows Live Remote Client

    Windows Live Remote Client Resources

    Windows Live Remote Service

    Windows Live Remote Service Resources

    Windows Live SOXE

    Windows Live SOXE Definitions

    Windows Live UX Platform

    Windows Live UX Platform Language Pack

    Windows Live Writer

    Windows Live Writer Resources

    WinFlash

    Wireless Console 3

    Wizard101

    Yahoo! BrowserPlus 2.9.8

    Yahoo! Messenger

    Yahoo! Software Update

    Yahoo! Toolbar

    .

    ==== Event Viewer Messages From Past Week ========

    .

    2/8/2013 1:15:12 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

    2/8/2013 1:14:59 PM, Error: Service Control Manager [7022] - The Intel® PROSet/Wireless WiMAX Red Bend Device Management Service service hung on starting.

    2/8/2013 1:10:33 PM, Error: Service Control Manager [7001] - The Intel® PROSet/Wireless WiMAX Red Bend Device Management Service service depends on the Intel® PROSet/Wireless WiMAX Service service which failed to start because of the following error: The pipe has been ended.

    2/8/2013 1:10:33 PM, Error: Service Control Manager [7001] - The Intel® PROSet/Wireless Event Log service depends on the Windows Management Instrumentation service which failed to start because of the following error: A system shutdown is in progress.

    2/8/2013 1:10:33 PM, Error: Service Control Manager [7000] - The Yahoo! Updater service failed to start due to the following error: The pipe has been ended.

    2/8/2013 1:10:33 PM, Error: Service Control Manager [7000] - The Adobe Flash Player Update Service service failed to start due to the following error: The pipe has been ended.

    2/8/2013 1:10:31 PM, Error: Service Control Manager [7000] - The Windows Live ID Sign-in Assistant service failed to start due to the following error: The pipe has been ended.

    2/8/2013 1:10:29 PM, Error: Service Control Manager [7038] - The WinDefend service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

    2/8/2013 1:10:29 PM, Error: Service Control Manager [7000] - The Windows Defender service failed to start due to the following error: The service did not start due to a logon failure.

    2/8/2013 1:10:29 PM, Error: Service Control Manager [7000] - The Intel® PROSet/Wireless WiMAX Service service failed to start due to the following error: The pipe has been ended.

    2/8/2013 1:10:28 PM, Error: Service Control Manager [7038] - The stisvc service was unable to log on as NT Authority\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

    2/8/2013 1:10:28 PM, Error: Service Control Manager [7000] - The Windows Image Acquisition (WIA) service failed to start due to the following error: The service did not start due to a logon failure.

    2/8/2013 1:10:28 PM, Error: Service Control Manager [7000] - The Secondary Logon service failed to start due to the following error: A system shutdown is in progress.

    2/8/2013 1:10:28 PM, Error: Service Control Manager [7000] - The Intel® PROSet/Wireless Registry Service service failed to start due to the following error: The pipe has been ended.

    2/8/2013 1:10:28 PM, Error: Service Control Manager [7000] - The Distributed Link Tracking Client service failed to start due to the following error: A system shutdown is in progress.

    2/8/2013 1:10:27 PM, Error: Service Control Manager [7038] - The PolicyAgent service was unable to log on as NT Authority\NetworkService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

    2/8/2013 1:10:27 PM, Error: Service Control Manager [7000] - The IPsec Policy Agent service failed to start due to the following error: The service did not start due to a logon failure.

    2/8/2013 1:10:27 PM, Error: Microsoft-Windows-LanguagePackSetup [1001] - Failed to start language pack setup wizard. Please restart the system and try running the wizard again.

    2/8/2013 1:10:26 PM, Error: Service Control Manager [7038] - The NlaSvc service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

    2/8/2013 1:10:26 PM, Error: Service Control Manager [7000] - The Program Compatibility Assistant Service service failed to start due to the following error: A system shutdown is in progress.

    2/8/2013 1:10:26 PM, Error: Service Control Manager [7000] - The Network Location Awareness service failed to start due to the following error: The service did not start due to a logon failure.

    2/8/2013 1:10:26 PM, Error: Service Control Manager [7000] - The MBAMService service failed to start due to the following error: The pipe has been ended.

    2/8/2013 1:10:25 PM, Error: Service Control Manager [7000] - The MBAMScheduler service failed to start due to the following error: The pipe has been ended.

    2/8/2013 1:10:24 PM, Error: Service Control Manager [7000] - The Intel® Management and Security Application Local Management Service service failed to start due to the following error: The pipe has been ended.

    2/8/2013 1:10:23 PM, Error: Service Control Manager [7038] - The FDResPub service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

    2/8/2013 1:10:23 PM, Error: Service Control Manager [7038] - The DPS service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

    2/8/2013 1:10:23 PM, Error: Service Control Manager [7038] - The CryptSvc service was unable to log on as NT Authority\NetworkService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

    2/8/2013 1:10:23 PM, Error: Service Control Manager [7000] - The IKE and AuthIP IPsec Keying Modules service failed to start due to the following error: A system shutdown is in progress.

    2/8/2013 1:10:23 PM, Error: Service Control Manager [7000] - The Function Discovery Resource Publication service failed to start due to the following error: The service did not start due to a logon failure.

    2/8/2013 1:10:23 PM, Error: Service Control Manager [7000] - The Encrypting File System (EFS) service failed to start due to the following error: A system shutdown is in progress.

    2/8/2013 1:10:23 PM, Error: Service Control Manager [7000] - The Diagnostic Policy Service service failed to start due to the following error: The service did not start due to a logon failure.

    2/8/2013 1:10:23 PM, Error: Service Control Manager [7000] - The Cryptographic Services service failed to start due to the following error: The service did not start due to a logon failure.

    2/8/2013 1:10:23 PM, Error: Service Control Manager [7000] - The Bluetooth Service service failed to start due to the following error: The pipe has been ended.

    2/8/2013 1:10:19 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.

    .

    ==== End Of File ===========================
